Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
businessobjects vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2020-26831
SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to int...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
Sap Businessobjects Business Intelligence Platform 4.3
5.5
CVSSv2
CVE-2019-0396
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will no...
Sap Businessobjects Business Intelligence Platform 4.0
Sap Businessobjects Business Intelligence Platform 4.1
5.5
CVSSv2
CVE-2019-0268
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.
Sap Businessobjects Business Intelligence 4.3
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.1
5.5
CVSSv2
CVE-2018-2445
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an malicious user to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.2
5
CVSSv2
CVE-2021-40497
SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an malicious user to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system s...
Sap Businessobjects Analysis 420
Sap Businessobjects Analysis 430
5
CVSSv2
CVE-2021-40500
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated malicious user to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploita...
Sap Businessobjects Business Intelligence Platform 4.20
Sap Businessobjects Business Intelligence Platform 4.30
5
CVSSv2
CVE-2015-2074
The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote malicious users to write to arbitrary files via a full pathname, aka SAP Note 2018681.
Sap Businessobjects Edge 4.0
5
CVSSv2
CVE-2015-2073
The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote malicious users to read arbitrary files via a full pathname, aka SAP Note 2018682.
Sap Businessobjects Edge 4.0
5
CVSSv2
CVE-2020-6308
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated malicious user to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
Sap Businessobjects Business Intelligence Platform 4.3
3 Github repositories
5
CVSSv2
CVE-2020-6288
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerab...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »